Question

Security of httpd (url string exploit?)

Posted January 6, 2013 5.1k views
Hi. Logwatch on my CentOS VPS reported the following: --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 222.73.21.47 A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP Response 200 ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ vsftpd: Unknown Entries: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Administrator rhost=92.86.139.111 : 105 Time(s) check pass; user unknown: 105 Time(s) ---------------------- pam_unix End ------------------------- Is this serious? What should I do next? Thanks
Add a comment
mattsharpdesign
By:
mattsharpdesign

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
moisey January 7, 2013
It is quite common to have remote users attempt to exploit any server that is on a public IP address.

If you follow our default setup instructions you should not have any issue with this.

Additionally the /etc/passwd file does not have any hashed passwords which are instead stored in your shadow file.
Reply Report

Looking for something else?

Ask a new question Search for more help